PRIVACY POLICY

InContatto Srl, with registered office in Viale dell’Oceano Atlantico 18 – 00144 Rome, VAT no. 12443641001, data controller, (referred to as the ‘Data Controller’ or ‘Company’), as provided for by the regulations in force (art. 13 General Data Protection Regulation, hereinafter also RGPD), provides users visiting the website www.incontatto.it (hereinafter also referred to as the ‘website’) with information regarding the processing of the data acquired.

WHO IS THE DATA CONTROLLER AND HOW TO CONTACT IT?

The Data Controller is InContatto Srl, with registered office in Viale dell’Oceano Atlantico 18 – 00144 Rome, P. Iva 12443641001. The Company can be contacted through the email address info@incontatto.it.

WHAT DATA IS PROCESSED?

The data processed are navigation data and data provided spontaneously by the user.

Data provided directly by the user

This category includes all personal data provided by the user in an optional manner (for example, when requesting information by telephoning the numbers indicated on the website or writing to the e-mail addresses given on the site). In the event that the user decides to contact the Data Controller through the appropriate forms on the site, he/she can find out in detail about the processing of the data requested by accessing the specific information on the pages of interest.

Navigation data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This information could, through processing and association with data held by third parties, allow users to be identified.

This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment.

WHAT ARE THE PURPOSES AND LEGAL BASES OF THE PROCESSING?

Data provided directly by the user: purposes and legal bases

The personal data provided by the user in an optional manner by contacting the data controller are used only to process any requests made.

The legal bases for the processing of such data are therefore: the execution of pre-contractual measures.

The user may provide his or her data through the forms on the site, in the areas dedicated to certain services, where specific information is provided, which the user must read before providing the data, detailing all the information on the processing of the same, including the purposes and legal bases.

Navigation data: purposes and legal bases

Browsing data are used in order to obtain statistical information on the use of the website, for website security purposes and to check its correct functioning, and could be used to ascertain liability in the event of any computer offences to the detriment of the website.

The legal basis for the processing of such data is legitimate interest and, in the case of requests by the Authorities, legal obligation.

For the use of cookies or pixels for specific purposes and their legal basis, please refer to the cookie policy that can be consulted from the footer of the website.

Cookies

With regard to cookies and similar tools used by the site, please refer to the cookie policy.

WHO MAY KNOW THE DATA?

The data may also be disclosed to the IT companies that the data controller uses for the hosting service and for the assistance and maintenance services of the systems used, and to consultants for litigation management and legal assistance in the event of any disputes requiring their involvement. The data may also be disclosed to the competent authorities in the event of specific requests that the data controller is required by law to comply with.

It should be noted that some of the persons indicated operate as data processors and that communication to those who operate as autonomous data controllers is made because it is prescribed by legal obligations or necessary to fulfil the obligations deriving from the contractual relationship or the legitimate interest of the data controller consisting in maintaining the security of the information systems and in carrying out defence activities through legal advisors.

The data subject may request from the data controller the list of external entities that carry out their activities as data processors.

Communication is in any case limited to the categories of data whose transmission is necessary for the performance of the activities and purposes pursued.

HOW IS THE DATA MANAGED?

The data collected are processed using computerised tools and only residually on paper.

For data processing related to the services of the website, the Data Controller uses servers located within European territory and computer systems located at the Data Controller’s head office. Adequate security measures are taken to prevent data loss, illicit or incorrect use and unauthorised access.

The use of some of the services offered by the data controller, which the user can sign up for through a specific form on the site (as in the case of the newsletter), entails a transfer of data abroad; all the specifications are set out in the specific information notice dedicated to the service requested. It should be noted in advance, however, that the data controller will first assess whether the supplier it intends to use offers the necessary guarantees required for the transfer of data abroad.

The data provided directly by the data subject are stored for the time strictly necessary to process the requests and then deleted, without prejudice to defensive needs (which may require further storage).

The navigation data of users accessing the site are acquired and processed directly by the hosting provider without the Company having access to them.

With regard to data acquired through Google Analytics and other services that use cookies and similar tools, please refer to the cookie policy.

PROVISION OF DATA

With the exception of the navigation data required for computer and telematic protocols, the provision of data by users through the various methods made available is free and optional. However, failure to provide such data will result in the impossibility of being able to respond to requests made and use the services of interest.

WHAT ARE THE RIGHTS OF THE INTERESTED PARTY?

The law recognises the data subject’s right to request from the data controller access to and rectification or erasure of the personal data concerning him or her or to object to their processing, as well as the right to data portability.

The data subject may assert his or her rights at any time, without formalities, by contacting the data controller at the email address privacy@incontatto.it.

The rights recognised by current legislation on the protection of personal data are detailed below.

  • The right of access, i.e. the right to obtain from the data controller confirmation as to whether or not personal data relating to him are being processed and, if so, to obtain access to the personal data and to the following information (a) the purposes of the processing; (b) the categories of personal data concerned; (c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients in third countries or international organisations; (d) where possible, the period for which the personal data are to be retained or, if this is not possible, the criteria used to determine that period; (e) the existence of the data subject’s right to request from the controller the rectification or erasure of personal data or the restriction of the processing of personal data concerning him or her or to object to their processing (f) the right to lodge a complaint with a supervisory authority; (g) where the data are not collected from the data subject, all available information as to their source; (h) the existence of an automated decision-making process, including profiling and, at least in such cases, meaningful information on the logic used, as well as the importance and the envisaged consequences of such processing for the data subject. Where personal data are transferred to a third country or international organisation, the data subject then has the right to be informed of the existence of appropriate safeguards relating to the transfer.
  • The right of rectification, i.e. the right to obtain from the controller the rectification of inaccurate personal data concerning him without undue delay. Having regard to the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, including by providing a supplementary declaration.
  • The right to erasure, i.e. the right to obtain from the controller the erasure of personal data concerning him without undue delay if: (a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (b) the data subject withdraws the consent on which the processing is based and if there is no other legal basis for the processing; (c) the data subject objects to the processing being carried out because it is necessary for the performance of a task carried out in the public interest or in connection with the exercise of official authority vested in the controller or for the pursuit of the legitimate interest and there is no overriding legitimate ground for the processing, or objects to the processing for direct marketing purposes (d) personal data have been unlawfully processed; (e) personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject; (f) personal data have been collected in connection with the provision of information society services to children. However, the request for erasure cannot be granted if the processing is necessary (a) for the exercise of the right to freedom of expression and information; (b) for compliance with a legal obligation requiring the processing laid down in Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (c) for reasons of public interest in the field of public health; (d) for archiving purposes in the public interest, scientific or historical research or statistical purposes, insofar as erasure might render impossible or seriously jeopardise the attainment of the objectives of such processing; or (e) for the establishment, exercise or defence of legal claims.
  • The right to restriction, i.e. the right to obtain that data be processed, except for storage, only with the consent of the data subject or for the establishment, exercise or defence of a legal claim or for the protection of the rights of another natural or legal person or for reasons of substantial public interest of the Union or a Member State if: (a) the data subject contests the accuracy of the personal data, for the period necessary for the controller to verify the accuracy of those personal data; (b) the processing is unlawful and the data subject objects to the erasure of the personal data and requests instead that their use be restricted; (c) although the controller no longer needs them for the purposes of the processing, the personal data are necessary for the establishment, exercise or defence of a legal claim by the data subject (d) the data subject has objected to the processing on the ground that it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in the furtherance of the legitimate interests of the controller or a third party, pending verification as to whether the legitimate interests of the controller outweigh those of the data subject.
  • The right to portability, i.e. the right to receive in a structured, commonly used and machine-readable format the personal data concerning him/her that he/she has provided to the controller and has the right to have those data transmitted to another controller without hindrance by the controller to whom he/she has provided them, as well as the right to obtain the direct transmission of personal data from one controller to another, if technically feasible, where the processing is based on consent or on a contract and the processing is carried out by automated means. This right is without prejudice to the right to erasure.
  • the right to object, i.e. the right of the data subject to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in the furtherance of the legitimate interests of the controller or a third party. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him/her carried out for such purposes, including profiling insofar as it is related to such direct marketing.

The data subject is also informed that, should he or she consider that the processing of his or her personal data is in breach of the provisions of the GDPR, he or she has the right to lodge a complaint with the Garante, as provided for in Article 77 of the Regulation itself, or to take legal action (Article 79 of the Regulation).

FURTHER INFORMATION

With regard to cookies and similar tools used by the site, please refer to the cookie policy.